AOSP Changelogs

android-security-13.0.0_r1 to android-security-13.0.0_r2 AOSP changelog

This only includes the Android Open Source Project changes and does not include any changes in any proprietary components included by Google or any hardware manufacturer. The raw log was generated using a modified version of this script written by JBQ and improved by Al Sutton.

Please do not copy this without attribution to this site and JBQ for the original script.

+- Project: platform/art

1d8a0257e4 : Fix use-after-free issue for dexfile

+- Project: platform/build

c4792470c7 : Version bump to TSV1.220628.024 [core/build_id.mk]
95c102c944 : Version bump to TSV1.220628.023 [core/build_id.mk]
54facb11c1 : Version bump to TSV1.220628.022 [core/build_id.mk]
b830b7294b : Version bump to TSV1.220628.021 [core/build_id.mk]
b5805deac2 : Version bump to TSV1.220628.020 [core/build_id.mk]
17c2df17f5 : Version bump to TSV1.220628.019 [core/build_id.mk]
1bb84a2f87 : Version bump to TSV1.220628.018 [core/build_id.mk]
09a155fe07 : Version bump to TSV1.220628.017 [core/build_id.mk]
e0f2bbf396 : Support chained init_boot partition signing
4b031b9e7e : Version bump to TSV1.220628.015 [core/build_id.mk]
bc57ba1302 : Version bump to TSV1.220628.014 [core/build_id.mk]
e91bc0e99d : Version bump to TSV1.220628.013 [core/build_id.mk]
a8d8f9e37d : Version bump to TSV1.220628.012 [core/build_id.mk]
f8da244218 : Version bump to TSV1.220628.011 [core/build_id.mk]
f868c2b54b : Version bump to TSV1.220628.010 [core/build_id.mk]
704bf9e9ee : Version bump to TSV1.220628.009 [core/build_id.mk]
61a0712dc2 : Version bump to TSV1.220628.008 [core/build_id.mk]
1a32de5783 : Version bump to TSV1.220628.007 [core/build_id.mk]
1e8c661f89 : Version bump to TSV1.220628.006 [core/build_id.mk]
2879d3117d : Version bump to TP1A.220624.014 [core/build_id.mk]
ea74f3753f : Version bump to TP1A.220624.013 [core/build_id.mk]
d08025e143 : Version bump to TP1A.220624.012 [core/build_id.mk]
04f9e31c48 : Version bump to TSV1.220628.005 [core/build_id.mk]
9d9caf2ee9 : Version bump to TP1A.220624.011 [core/build_id.mk]
c494d0291a : Version bump to TP1A.220624.010 [core/build_id.mk]
193d68bbc3 : Version bump to TP1A.220624.009 [core/build_id.mk]
a8de116ced : Version bump to TP1A.220624.008 [core/build_id.mk]
af0a439b77 : Version bump to TP1A.220624.007 [core/build_id.mk]
9b2f585765 : Version bump to TP1A.220624.006 [core/build_id.mk]
28ab2d31e7 : Version bump to TP1A.220624.005 [core/build_id.mk]
17c17f4838 : Version bump to TSV1.220628.004 [core/build_id.mk]
17d732e55f : Version bump to TSV1.220628.003 [core/build_id.mk]
912fc0827b : Version bump to TSV1.220628.002 [core/build_id.mk]
3aaf633e7e : Version bump to TP1A.220624.004 [core/build_id.mk]
fbd160844d : Version bump to TP1A.220624.003 [core/build_id.mk]

+- Project: platform/external/crosvm

a1aa34909 : ANDROID: Verify virtio queue address ranges are valid

+- Project: platform/external/dtc

3c8bd4a : [automerge] libfdt: fdt_path_offset_namelen: Reject empty paths 2p: a6ac6d916d 2p: c69e9730e6
d24b7ee : Fix integer wrap sanitisation.
e189587 : [automerge] FROMGIT: libfdt: fdt_offset_ptr(): Fix comparison warnings 2p: 6f0fef2b2a 2p: 736c673f28

+- Project: platform/external/expat

8b19476e : [CVE-2022-43680] Fix overeager DTD destruction (fixes #649)

+- Project: platform/frameworks/av

4881da8bf9 : RESTRICT AUTOMERGE Use static token for myAttributionSource in ServiceUtilities
1e2ff894d4 : move MediaCodec metrics processing to looper thread
b072419650 : audio policy: fix sensor privacy listener
1bdedbb25e : Fix Out of Bounds Read in AAVCAssembler
bae3b00a58 : audio: fix missing package name in attribution source
653fa60872 : libstagefright: fix heap use after free issue
68aa4c1f5e : [Fix vulnerability] setSecurityLevel in clearkey
8cb854cf41 : Add missing bounds checks
d3070a5126 : Cache MMAP client silenced state.

+- Project: platform/frameworks/base

5e457e2a2bb1 : Disallow clicks on privacy chip before provisioned
8f55482f3f7e : RESTRICT AUTOMERGE Use chain start token in performOpTransaction
4ade97466b74 : Use rule package name in addAutomaticZenRule; specify "android" for all system apps
5b8c79ce706c : Convert argument to intent in ChooseTypeAndAccountActivity
e94e04eba84b : [RESTRICT AUTOMERGE] Correct the behavior of ACTION_PACKAGE_DATA_CLEARED
cc59bd0aa23b : [DO NOT MERGE] Revert "Check rule package name in ZenModeHelper.addAutomaticRule"
de6824bb7efe : [DO NOT MERGE] Revert "Fix system zen rules by using owner package name if caller is system"
4113e0acf4b9 : Fix system zen rules by using owner package name if caller is system
490fc265d3bc : Check rule package name in ZenModeHelper.addAutomaticRule
16c604aa7c25 : Ensure that only SysUI can override pending intent launch flags
bb1009673650 : Fix sharing to another profile where an app has multiple targets
7eff067c1cb8 : Add protections against queueing a UsbRequest when the underlying UsbDeviceConnection is closed.
90b4be4c13ed : [SettingsProvider] workaround for DevicePolicyResourcesManager
9ad3d25b4e9b : RESTRICT AUTOMERGE Revoke SYSTEM_ALERT_WINDOW on upgrade past api 23
640e625c8567 : Trim the activity info of another uid if no privilege
6295d7a6daf2 : [RESTRICT AUTOMERGE][SettingsProvider] key size limit for mutating settings
6f8dc4d6ce3a : RESTRICT AUTOMERGE Validate permission tree size on permission update
480a28fc3dae : [RESTRICT AUTOMERGE] [SettingsProvider] mem limit should be checked before settings are updated
6422cba34482 : Disable all A11yServices from an uninstalled package.
889229eedf17 : Limit lengths of fields in Condition to a max length.
0407c04aae5e : Limit length and number of MIME types you can set
7a6528992608 : [DO NOT MERGE] Revert "Check rule package name in ZenModeHelper.addAutomaticRule"
73b491fc0e41 : [DO NOT MERGE] Revert "Fix system zen rules by using owner package name if caller is system"
a7de66d92b79 : Update Parcel readLazyValue to ignore negative object lengths
cff7c94903b7 : Add safety checks on KEY_INTENT mismatch.
447333ab45b5 : Lower per-app notificationchannel limit
56dd904b0723 : Ignore malformed shortcuts
6c61ae102870 : Allow activity to be reparent while allowTaskReparenting is applied
37129473a829 : Fix a security issue in app widget service.
6d0daf93fd65 : Fix NPE
132aaeb8d525 : New Pipeline: hide VISIBILITY_SECRET notifications on lock screen
423bbdef31ec : [pm] forbid deletion of protected packages
77a54107231f : Include all enabled services when FEEDBACK_ALL_MASK.
47af07fbf1fc : Prevent exfiltration of system files via avatar picker.
323a44aadb13 : TEST ONLY, please ignore this cherrypick (https://b.corp.google.com/issues/244482743#comment3). GitWatcher: ignore ------------------------------
85ca64e2bcfc : Validate package name passed to setApplicationRestrictions. (Reland)
33d74fb91631 : Prevent non-admin users from deleting system apps.
8e4a6ecb0e03 : Limit the size of NotificationChannel and NotificationChannelGroup
86dbbfea063a : Revert "Prevent non-admin users from deleting system apps."
aeaab77cf79c : Do not dismiss keyguard after SIM PUK unlock
cbfc52dabdc6 : Fix system zen rules by using owner package name if caller is system
90857cd54f63 : Remove legacy WRITE_EXTERNAL_STORAGE permission check for Installers
754760b17f6c : Trim any long string inputs that come in to AutomaticZenRule
3394dbd19f29 : Fix auto-grant of AR runtime permission if device is upgrading from pre-Q
7a6833cec280 : Check rule package name in ZenModeHelper.addAutomaticRule
036f3f272032 : Update BaseBundle to not use LazyValues when using ReadWriteHelper
2966a4499435 : Do not send AccessibilityEvent if notification is for different user.
4476230208eb : Do not send new Intent to non-exported activity when navigateUpTo
2d134d028df9 : Move accountname and typeName length check from Account.java to AccountManagerService.
f81499055cdc : switch TelecomManager List getters to ParceledListSlice
1ae90b98f0eb : Enforce zen rule limit on a package level.
d2a2c552b3ba : Strip transition information from activityoptions when sent to app
0531e9c02e5e : Block FullScreenIntent while device is in use if notification has a silencing GroupAlertBehavior.
2b63eb0d2fe7 : Fix Notification redaction when power cycling a non-dozing device while occluded.
7fe9436d3860 : Perform the user-allowlist check after all other fixed allowlist check
4fa175abc8b4 : Revert "Revert "Limit the number of concurrently snoozed notifications""
6bf29758c66a : Stop crashing the system on hitting the alarm limit
5e0dd5db86d0 : Remove package name from SafetyNet logs
a07cc7613785 : Size restrict right icon size in notification
d02830802a24 : Fix exception when opening App info on work profile
ddcd7479aab5 : Don't setOccluded in onLaunchAnimationStart.
7d7ee57b4dbb : Don't freeze apps in the power exemption allow list.
fd00dbf126b6 : Do nothing in duplicate onDialogAnimatedIn calls
5652facc3b42 : Don't crash on illegal biometric states
6a76e2cb6c0c : Revert "Get rid of double measure"
56059b266eab : Set occluded state on remote animation cancel.
a49c0207fa90 : Pass keyguard occluded status in onAnimationCancelled.
6c95f48d4b13 : Re-introduce ActivityTaskManager in CdmService
27cae49f7eec : Correctly parse minSdk even when targetSdk is a codename
b927d9db6bff : DPMS workaround to check the device owner type in PermissionController
b50382982ce5 : Fix exception in expandSplitContainerIfNeeded
c113a129072f : Fix ADB key file reading

+- Project: platform/frameworks/minikin

8cec42b : Fix OOB crash for registerLocaleList
335db81 : Fix OOB read for registerLocaleList

+- Project: platform/hardware/interfaces

e7355d6b6 : Add additional bounds checks to NNAPI FMQ deserialize utility functions
9bce12a99 : Fix array out of bound in audioTransportToHal.

+- Project: platform/hardware/nxp/nfc

3612cbf : OOBR in NxpMfcReader::SendIncDecRestoreCmdPart2
aa44a2f : OOBW in phNxpNciHal_write_unlocked()

+- Project: platform/packages/apps/EmergencyInfo

105e1702 : Removes unnecessary permission from the EmergencyInfo app.
7f1f837c : Prevent exfiltration of system files via avatar picker.
f3595637 : Revert "Prevent exfiltration of system files via user image settings."

+- Project: platform/packages/apps/Settings

11572fb213 : RESTRICT AUTOMERGE Make bluetooth switch not discoverable via SliceDeepLinkTrampoline
5b6b4b87bb : Remove Intent selector from 2-pane deep link Intent
147848a4bc : [DO NOT MERGE] Add FLAG_SECURE for ChooseLockPassword and Pattern
a3881712a0 : Make bluetooth not discoverable via large screen deep link flow

+- Project: platform/packages/modules/Bluetooth

4d51a097b9 : Add bounds check in avdt_scb_act.cc
0c19bbdc11 : Report failure when not able to connect to AVRCP
2fdc7b6231 : Fix OPP comparison
bb8740e4f0 : Pass IRK rotation flag into native
0bb80e1c0a : Add flag to toggle IRK rotation
dc463a94a8 : Reschedule address rotation after connection to advertising set
ade8d7fc31 : Rotate advertising set addresses on IRK change
331b9dee9e : Fix URI check in BluetoothOppUtility.java
8fffa0c87d : Fix interger overflow when parsing avrc response
e5899fa26a : Add length check when copy AVDT and AVCT packet
8d867aae99 : Add missing increment in bnep_api.cc
41f6353fb7 : Added max buffer length check
15a5c6531d : Add length check when copy AVDTP packet
a955d3b653 : Add buffer in pin_reply in bluetooth.cc
0dc87823d7 : Add negative length check in process_service_search_rsp
30178c6f27 : Add local to pan_api.cc
c26dc0b16b : Ignore calls to set the address policy after it has already been set
ba297535a6 : Reconfigure Address policy on last bond removed
9f563b220c : Fix potential interger overflow when parsing vendor response

+- Project: platform/packages/modules/Connectivity

3fe79c1e65 : [RESTRICT AUTOMERGE] Restrict halfsheet cancel broadcast

+- Project: platform/packages/modules/NeuralNetworks

75337db4c : Add additional bounds checks to NNAPI FMQ deserialize utility functions

+- Project: platform/packages/modules/Permission

4c52cd0f3 : Add one-time flag to permission if group is currently one-time

+- Project: platform/packages/modules/Wifi

643cdee055 : wifi: Reset to default SAP configuration when doing factory reset
d7df9d633c : [Passpoint] Add more check to limit the config size
f600d9210c : [DO NOT MERGE] passpoint: validate decorated identity prefix
6fbaa0f62c : [DO NOT MERGE] wifi: remove certificates for network factory reset
9e88766e59 : Detect ClientModeManager transitioning into primary or scan only
44026b7c95 : Prevent restricted user from adding network through camera
c373d06860 : Fix NPE

+- Project: platform/packages/providers/MediaProvider

e2edf1fce : Set intent priority for PICK_IMAGES
3cb8e5d3a : isDataOrObbPath blocks access to Android/[data|obb] dirs only
13b399d58 : DO NOT MERGE Avoid path traversal in MediaProvider delete call

+- Project: platform/packages/providers/TelephonyProvider

046d4880 : Check dir path before updating permissions.

+- Project: platform/packages/services/Telecomm

5b763ee4c : Fix security vulnerability issue for multi user call redirections.
8d77a5eb7 : Fix security vulnerability when register phone accounts.
3262c7419 : Hide overlay windows when showing phone account enable/disable screen.
99b85f98d : Fix security vulnerability issue for multi user call redirections.
404c0ca49 : switch TelecomManager List getters to ParceledListSlice

+- Project: platform/packages/services/Telephony

8fa091703 : prevent overlays on the phone settings

+- Project: platform/system/connectivity/wificond

dc8a57a : Use sp<T>::make to create the sp pointer for EventLoopCallback

+- Project: platform/system/nfc

7068cbc4 : The length of a packet should be non-zero